undefined | Better HN

0 pointsest5y ago0 comments

> simply use a normal domain or subdomain and get a regular TLS certificate

Yes I can make that switch, but I also think every domain should be considered normal.

However in this particular case, the Intranet TLD is purposely hidden from public resolvers.

0 comments

By definition, ICANN TLDs are considered special, because the whole www PKI infrastructure only works for those. Browsers cater to those TLDs, and CAs have guidelines for those.

I understand the need for hiding your TLD though. I don't see a nice solution here, sadly.

j / k navigate · click thread line to collapse

0 pointsest5y ago0 comments

> simply use a normal domain or subdomain and get a regular TLS certificate

Yes I can make that switch, but I also think every domain should be considered normal.

However in this particular case, the Intranet TLD is purposely hidden from public resolvers.

0 comments

captn3m05y ago

By definition, ICANN TLDs are considered special, because the whole www PKI infrastructure only works for those. Browsers cater to those TLDs, and CAs have guidelines for those.

I understand the need for hiding your TLD though. I don't see a nice solution here, sadly.

j / k navigate · click thread line to collapse